Identity and Access Management: Are You Leaving Your Utility Exposed?
image credit: Photo by freestocks on Unsplash
- Oct 30, 2020 8:57 pm GMT
When it comes to protecting your data in the cloud, external attackers are often the first risk that comes to mind. Whether you picture someone breaking through a firewall or a malicious party infecting you with malware, the emphasis is usually on a breach of your security perimeter.
External security matters a great deal for the energy and infrastructure sector, but that emphasis means many utilities overlook a key issue: breaches that originate from within, or that walk in through the front door using a legitimate user's credentials.
Internally caused breaches are on the rise
According to a Forrester Research survey, internal breaches are the most common cause of security incidents: almost 40% of network security decision-makers said they had experienced an internal security breach in the past year.
Some of these are deliberate acts by employees, but many more serious incidents have been caused by stolen or misused credentials. Around 80% of hacking-related breaches leveraged stolen or weak employee credentials.
Some examples include:
- Illinois water plant incident (2011): the initial report said attackers had obtained usernames and passwords from the vendor of the plant's SCADA system, logged in from abroad and damaged a water pump. The DHS/FBI follow-up found that the remote login came from a contractor who had been asked to access the system while travelling, and that the pump failure was unrelated. The access-management lesson stands either way: a vendor account with remote SCADA access and no second factor, used from an unexpected country, is indistinguishable from an intrusion until someone checks.
- Dragonfly 2.0 attacks (2017): targeted phishing emails sent to energy-sector staff carried rigged attachments designed to harvest credentials. The attackers gained access to operational systems but did not take disruptive action.
- US nuclear facility job-seeker scam (2017): criminals posing as job seekers sent résumés containing credential-harvesting malware to plant control engineers. The attackers reached business systems; the apparent goal was the safety and operational systems.
These utilities had gone to great lengths to secure their systems. Despite those efforts, each was let down by its identity and access management processes: credentials that were stolen, shared or never challenged gave an outsider the access of an insider.
What is Identity and Access Management?
Identity and access management is the process responsible for managing the users who make use of IT services, data or other assets. Its role is to make sure that users “can access the right resources at the right times and for the right reasons.” These processes can also serve to identify behaviour that is out of the ordinary.
Measures implemented as part of an effective identity and access management process could have helped prevent the incidents listed above. For example, a second authentication factor stops an attacker who holds only a stolen password. Note that the strength of the factor matters: a one-time code the user types can itself be phished by the same lure that stole the password, whereas a phishing-resistant factor such as a hardware security key bound to the site cannot.
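To make the "stolen password alone is not enough" point concrete, here is an added example (not code from the original post or from any utility) of a login check that requires both a password and a time-based one-time code per RFC 6238, and that rejects a code once it has been used so a captured code cannot be replayed. The user record, password and `verify_login` function are hypothetical; the TOTP seed is the RFC 6238 test secret, so the codes can be checked against the RFC's published vectors.

```python
"""Added example: password + TOTP second factor with replay protection."""
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current 30-second step."""
    return hotp(secret, unix_time // step, digits)


# Constructed user record (hypothetical). A real system stores a salted password hash
# (bcrypt/argon2) and keeps the TOTP seed encrypted at rest; values are simplified here.
USERS = {
    "jsmith": {
        "password_hash": hashlib.sha256(b"correct horse battery staple").hexdigest(),
        "totp_secret": b"12345678901234567890",  # RFC 6238 test secret
        "last_step": -1,  # last accepted time step, used to reject replayed codes
    }
}


def verify_login(username: str, password: str, code, unix_time: int,
                 step: int = 30, window: int = 1):
    """Require the password AND a fresh TOTP code. Returns (ok, reason)."""
    user = USERS.get(username)
    if user is None:
        return False, "unknown user"
    presented = hashlib.sha256(password.encode()).hexdigest()
    if not hmac.compare_digest(user["password_hash"], presented):
        return False, "bad password"
    if code is None:
        # This is the stolen-credential case: the password alone gets nowhere.
        return False, "second factor missing"
    current = unix_time // step
    # Accept one step of clock drift either way, but never a step already consumed.
    for candidate in range(current - window, current + window + 1):
        if candidate <= user["last_step"]:
            continue
        if hmac.compare_digest(hotp(user["totp_secret"], candidate), code):
            user["last_step"] = candidate
            return True, "ok"
    return False, "bad or replayed second factor"


if __name__ == "__main__":
    print(totp(b"12345678901234567890", 59))                     # RFC vector: 287082
    print(verify_login("jsmith", "correct horse battery staple", None, 59))
    print(verify_login("jsmith", "correct horse battery staple", "287082", 59))
    print(verify_login("jsmith", "correct horse battery staple", "287082", 70))
```

The third call succeeds; the fourth, a replay of the same code a few seconds later, fails because that time step has already been consumed. TOTP is the minimum worth deploying; as noted above, a typed code can still be phished in real time, which is why hardware keys are preferred for accounts with operational access.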
What are the issues?
Given the important role identity and access management plays in security, it is surprising that many companies do not have adequate procedures in place. There are many reasons why:
- Focus on perimeter security: Utilities are focusing on fortifying their perimeter, taking attention away from internal processes.
- Vendor management: It can be difficult to properly assess the access management practices of vendors while balancing security with efficiency.
- Complexity of Utility IT: More applications and internet-connected devices are being used than ever before, including third-party cloud applications. The growing complexity makes implementing access management processes difficult.
- Poor password management: With too many applications to access, users start to write down / share credentials, increasing the risk of careless behaviour and opportunities for theft.
How can you protect your utility?
When moving to digital and remote operations, it’s extremely important that you don’t neglect identity and access management processes. At a minimum, your identity and access management processes should include:
- Security monitoring: Processes in place to notify you if suspicious activity is detected.
- Entitlement management systems: Applications that streamline entitlement management procedures.
- Single sign-on: One log-in that enables users to access their applications and improve password management processes.
- Two-factor authentication: In addition to a username and password, two-factor authentication requires something only the user has, such as a one-time code or push prompt on their phone or, better, a hardware security key.
- ISO 27001 certification: Validation that third-party providers adhere to international best practices for the protection of information, and that your processes are in compliance.
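The "security monitoring" item above is the one most often left as a vague aspiration, so here is an added example (not code from the original post or from any vendor product) of three simple detection rules run over authentication events: a login from a country not expected for that account, a vendor account used outside its approved maintenance window, and a success that follows a run of failures. The log lines, account names, allowlists and windows are all constructed for the example.

```python
"""Added example: detection rules over constructed authentication events."""
from collections import defaultdict
from datetime import datetime

# Constructed sample events (not real logs): timestamp, user, source country, result.
SAMPLE_LOG = """\
2020-10-30T02:05:11Z vendor_scada_support RU success
2020-10-30T09:12:40Z jsmith US success
2020-10-30T09:13:02Z jsmith US failure
2020-10-30T21:44:09Z kwong US failure
2020-10-30T21:44:15Z kwong US failure
2020-10-30T21:44:21Z kwong US failure
2020-10-30T21:44:27Z kwong US failure
2020-10-30T21:44:33Z kwong US failure
2020-10-30T21:44:40Z kwong US success
2020-10-30T14:00:00Z vendor_scada_support US success
"""

# Hypothetical policy: where each account is expected to log in from, and the
# UTC hours during which vendor accounts are allowed to be used at all.
ALLOWED_COUNTRIES = {
    "jsmith": {"US"},
    "kwong": {"US"},
    "vendor_scada_support": {"US"},
}
VENDOR_WINDOWS = {"vendor_scada_support": (8, 18)}  # 08:00-18:00 UTC
BRUTE_FORCE_THRESHOLD = 5  # failures before a following success is suspicious


def parse_line(line: str) -> dict:
    """Split one constructed log line into its fields."""
    ts, user, country, result = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "user": user,
        "country": country,
        "result": result,
    }


def detect(log_text: str) -> list:
    """Return (timestamp, user, reason) alerts for the three rules."""
    alerts = []
    consecutive_failures = defaultdict(int)
    for line in log_text.strip().splitlines():
        ev = parse_line(line)
        user = ev["user"]

        # Rule 1: login from a country the account is not expected to use.
        if ev["country"] not in ALLOWED_COUNTRIES.get(user, set()):
            alerts.append((ev["ts"], user,
                           f"login from unexpected country {ev['country']}"))

        # Rule 2: vendor account used outside its maintenance window.
        if user in VENDOR_WINDOWS and ev["result"] == "success":
            start, end = VENDOR_WINDOWS[user]
            if not (start <= ev["ts"].hour < end):
                alerts.append((ev["ts"], user,
                               "vendor login outside maintenance window"))

        # Rule 3: success immediately after a run of failures (guessing/stuffing).
        if ev["result"] == "failure":
            consecutive_failures[user] += 1
        else:
            if consecutive_failures[user] >= BRUTE_FORCE_THRESHOLD:
                alerts.append((ev["ts"], user,
                               f"success after {consecutive_failures[user]} failures"))
            consecutive_failures[user] = 0
    return alerts


if __name__ == "__main__":
    for ts, user, reason in detect(SAMPLE_LOG):
        print(f"{ts.isoformat()} {user}: {reason}")
```

The first log line fires two rules at once; in the Illinois case that login turned out to be a contractor working from abroad, but the point of monitoring is that nobody knows that until the alert is investigated, and a vendor account that can be used at 02:00 from anywhere is a policy gap regardless of who was at the keyboard.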
Are you managing access appropriately?
Even the most secure utilities are vulnerable to breaches, and with recent alerts issued by the Cybersecurity and Infrastructure Security Agency, it is important to remain vigilant.
If you’re concerned about your identity and access management processes, don’t wait until it is too late to address them. If you have questions or comments about identity and access management – I’m happy to answer. Drop them in the comments below or feel free to message me directly.